Are Computer Users Ready to Part With Passwords?

Woman in OSU homecoming parade crash faces second-degree murder charges

A woman is facing second-degree murder charges after authorities said she plowed a car into ...

Learn more

Replacing logins with phones is smart cybersecurity – but are users ready to abandon passwords?
Passwords used to be simple. Frequently personal, they were often revealing and sometimes embarrassing – the name of a cat, the month of an anniversary or a reminder of an inside joke.

Then things got complicated. A rise in online thefts spurred companies to require that passwords arbitrarily include numbers, capital letters or punctuation marks. Soon, they would have to be changed every few weeks or months with increasingly more complicated sequences, making necessary multiple passwords for computers and websites and email accounts.

But that may all be about to end.

Yahoo announced this week that it plans to abandon the password entirely, letting people access their mail with a mobile app that cybersecurity experts agree is more secure than memorizing custom logins.

The new Account Key option allows people to access Yahoo Mail by tapping a notification sent to their phones when they want to log in – and prevents hackers from accessing it illegally without such messages. This option “will be rolling out to other Yahoo apps this year” as part of the company’s plan for a “password-free future,” said a blog post by Dylan Casey, Yahoo’s senior vice president of product management.

Jonathan Klein, president of mobile software company MicroStrategy, says it’s a good idea and that the general public is coming around to the notion that “passwords are out of date.”

“About 99 percent of passwords that are used are common passwords, like a kid’s name or school or sports team,” he says. “These are some of the only things saving us from people draining our bank accounts. How long do you think it would take me to find out where you went to school or what your mother’s maiden name is?”

It probably works like that more often in Hollywood – like that episode of “Seinfeld” in which George Costanza reluctantly revealed his password was “Bosco” or in the 1980s film “War Games,” when two teenagers hacked the Pentagon’s nuclear missile launch system by correctly guessing that its designer had picked as its password the name of his dead son, Joshua.

But in reality, approximately 95 percent of Web app attacks last year were related to stealing credentials from users, according to a recent report on data breaches by Verizon. So shoring up the old system of passwords could be in everyone’s interest.

Facebook and Google are encouraging users to share their mobile phone numbers as a so-called “two-factor authentication” to ensure hackers cannot access an account illegally without passwords and numbers.

But while the notion of passwords is “very dated” because of the security risks and complicated process of remembering the logins, companies may have trouble getting people to trust them with their phone numbers, says Julie Ask, a principal analyst at Forrester Research. Indeed, Facebook users criticized the social network last year when the company made its mobile application a requirement for people who wanted to use the site through their phones out of concern that it gave the company too much access to info stored on their devices.

“Every time you ask consumers for more information some folks are going to drop out of the process,” Ask says. “You have to imagine that in Yahoo’s mind this is about selling more advertising, Companies want more ways to stay connected with your digital activity.”

Compared with some other telecoms and Internet companies, however, Yahoo has built a solid reputation for privacy, gaining them a perfect score for digital rights in a recent study conducted by the Electronic Frontier Foundation.

“We’re committed to protecting our users’ privacy and security, and outline clearly in our terms of service that we will not sell or share a user’s personal information, including their phone number, with anyone else, including for advertising purposes,” Fred Han, a spokesman for Yahoo tells U.S. News.

Yahoo’s new Account Key mirrors other efforts to replace passwords with phone authentication and seems like “a fine idea,” says Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society who is both an expert on cybersecurity but also a fierce advocate for privacy rights. He is uncertain whether killing the password will become a trend, however, adding “the question is always user acceptance.”

Woman in OSU homecoming parade crash faces second-degree murder charges

A woman is facing second-degree murder charges after authorities said she plowed a car into ...

Learn more